icedid | 9d9f92f4cd5d745fb3ec35a7e923cc479475a30e334221692857cb9edd066762

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 16:30

Target

9d9f92f4cd5d745fb3ec35a7e923cc479475a30e334221692857cb9edd066762.dll
Size

490KB
MD5

42fea0e6baa844b0ab7c0259fe28e35d
SHA1

6bcae18679edf898208542a88b2c152cf0afc011
SHA256

9d9f92f4cd5d745fb3ec35a7e923cc479475a30e334221692857cb9edd066762
SHA512

6944b5773b9a9d581cbbe71b8cc640429d3360e7e68de9ccfe9989dd04e0a26e3f932153a76fd5e60d1eaf0e15a83267af77cf51a56da6d8086949d256774e8a
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRc:knmj6xK1y3Ik6TZGRc

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1908	regsvr32.exe
1908	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9d9f92f4cd5d745fb3ec35a7e923cc479475a30e334221692857cb9edd066762.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

memory/1908-0-0x00000000004F0000-0x00000000004FE000-memory.dmp

Filesize
56KB

Download
memory/1908-1-0x00000000004F0000-0x00000000004FE000-memory.dmp

Filesize
56KB

Download